Search
Total
6686 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37379 | 1 Apache | 1 Airflow | 2023-08-29 | N/A | 8.1 HIGH |
| Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. | |||||
| CVE-2023-38831 | 1 Rarlab | 1 Winrar | 2023-08-29 | N/A | 7.8 HIGH |
| RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023. | |||||
| CVE-2023-24959 | 1 Ibm | 1 Infosphere Information Server | 2023-08-29 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. | |||||
| CVE-2021-35309 | 1 Samsung | 1 Syncthru Web Service | 2023-08-28 | N/A | 7.5 HIGH |
| An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | |||||
| CVE-2022-47696 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 7.8 HIGH |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | |||||
| CVE-2022-47695 | 1 Gnu | 1 Binutils | 2023-08-26 | N/A | 7.8 HIGH |
| An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. | |||||
| CVE-2021-30047 | 1 Vsftpd Project | 1 Vsftpd | 2023-08-25 | N/A | 7.5 HIGH |
| VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed. | |||||
| CVE-2020-26652 | 1 Realtek | 2 Rtl8812au, Rtl8812au Firmware | 2023-08-25 | N/A | 7.5 HIGH |
| An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | |||||
| CVE-2023-39748 | 1 Tp-link | 2 Tl-wr1041n V2, Tl-wr1041n V2 Firmware | 2023-08-25 | N/A | 7.5 HIGH |
| An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2020-20813 | 1 Openvpn | 1 Openvpn | 2023-08-25 | N/A | 7.5 HIGH |
| Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet. | |||||
| CVE-2020-19726 | 1 Gnu | 1 Binutils | 2023-08-25 | N/A | 8.8 HIGH |
| An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. | |||||
| CVE-2023-36787 | 1 Microsoft | 1 Edge Chromium | 2023-08-24 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-37369 | 2 Debian, Qt | 2 Debian Linux, Qt | 2023-08-24 | N/A | 7.5 HIGH |
| In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. | |||||
| CVE-2023-40272 | 1 Apache | 1 Apache-airflow-providers-apache-spark | 2023-08-24 | N/A | 7.5 HIGH |
| Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. | |||||
| CVE-2023-20212 | 1 Cisco | 2 Secure Endpoint, Secure Endpoint Private Cloud | 2023-08-24 | N/A | 7.5 HIGH |
| A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition. | |||||
| CVE-2023-4357 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-08-24 | N/A | 8.8 HIGH |
| Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-40315 | 1 Opennms | 2 Horizon, Meridian | 2023-08-23 | N/A | 8.0 HIGH |
| In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. | |||||
| CVE-2023-40313 | 1 Opennms | 2 Horizon, Meridian | 2023-08-23 | N/A | 8.8 HIGH |
| A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | |||||
| CVE-2023-38402 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2023-08-23 | N/A | 7.1 HIGH |
| A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process. | |||||
| CVE-2023-38401 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2023-08-23 | N/A | 7.8 HIGH |
| A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. | |||||
| CVE-2023-38721 | 1 Ibm | 1 I | 2023-08-23 | N/A | 7.8 HIGH |
| The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor could gain access to a command line with elevated privileges allowing root access to the host operating system. IBM X-Force ID: 262173. | |||||
| CVE-2023-35809 | 1 Sugarcrm | 1 Sugarcrm | 2023-08-23 | N/A | 8.8 HIGH |
| An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected. | |||||
| CVE-2023-21718 | 1 Microsoft | 1 Sql Server | 2023-08-23 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-40340 | 1 Jenkins | 1 Nodejs | 2023-08-22 | N/A | 7.5 HIGH |
| Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. | |||||
| CVE-2023-40339 | 1 Jenkins | 1 Config File Provider | 2023-08-22 | N/A | 7.5 HIGH |
| Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. | |||||
| CVE-2023-32487 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 7.8 HIGH |
| Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure. | |||||
| CVE-2023-32495 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 7.8 HIGH |
| Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. An authorized local attacker could potentially exploit this vulnerability, leading to escalation of privileges. | |||||
| CVE-2023-32006 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2023-08-22 | N/A | 8.8 HIGH |
| The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | |||||
| CVE-2023-4241 | 1 Cloudflare | 1 Lol-html | 2023-08-22 | N/A | 7.5 HIGH |
| lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. | |||||
| CVE-2022-29871 | 1 Intel | 431 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 428 more | 2023-08-22 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32486 | 1 Dell | 1 Powerscale Onefs | 2023-08-22 | N/A | 7.8 HIGH |
| Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges. | |||||
| CVE-2023-4368 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-08-22 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-42828 | 1 Apple | 1 Macos | 2023-08-22 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2023-40518 | 1 Litespeedtech | 1 Openlitespeed | 2023-08-22 | N/A | 7.5 HIGH |
| LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP request headers. | |||||
| CVE-2023-29360 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2023-08-21 | N/A | 8.4 HIGH |
| Microsoft Streaming Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-4339 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions | |||||
| CVE-2023-4343 | 1 Broadcom | 1 Raid Controller Web Interface | 2023-08-21 | N/A | 7.5 HIGH |
| Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter | |||||
| CVE-2023-21286 | 1 Google | 1 Android | 2023-08-21 | N/A | 7.8 HIGH |
| In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-0872 | 1 Opennms | 2 Horizon, Meridian | 2023-08-21 | N/A | 8.0 HIGH |
| The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. | |||||
| CVE-2023-28483 | 1 Tigergraph | 1 Tigergraph | 2023-08-21 | N/A | 8.8 HIGH |
| An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query language provides users with the ability to write data to files on a remote TigerGraph server. The locations that a query is allowed to write to are configurable via the GSQL.FileOutputPolicy configuration setting. GSQL queries that contain UDFs can bypass this configuration setting and, as a consequence, can write to any file location to which the administrative user has access. | |||||
| CVE-2023-21275 | 1 Google | 1 Android | 2023-08-21 | N/A | 7.8 HIGH |
| In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21281 | 1 Google | 1 Android | 2023-08-21 | N/A | 7.8 HIGH |
| In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-32267 | 1 Microfocus | 1 Arcsight Management Center | 2023-08-21 | N/A | 8.8 HIGH |
| A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited. | |||||
| CVE-2022-38973 | 1 Intel | 4 Arc A750, Arc A750 Firmware, Arc A770 and 1 more | 2023-08-21 | N/A | 7.1 HIGH |
| Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or infomation disclosure via local access. | |||||
| CVE-2022-36392 | 1 Intel | 134 B150, B250, B360 and 131 more | 2023-08-21 | N/A | 7.5 HIGH |
| Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2022-45112 | 1 Intel | 1 Virtual Raid On Cpu | 2023-08-21 | N/A | 7.8 HIGH |
| Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-21235 | 1 Google | 1 Android | 2023-08-21 | N/A | 7.8 HIGH |
| In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35390 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2023-08-20 | N/A | 7.8 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-38180 | 1 Microsoft | 3 .net, Asp.net Core, Visual Studio 2022 | 2023-08-20 | N/A | 7.5 HIGH |
| .NET and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2022-39189 | 1 Linux | 1 Linux Kernel | 2023-08-19 | N/A | 7.8 HIGH |
| An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. | |||||